Janek Bevendorff bd2315ccda Update README and pillar.example with new to_port property | 6 years ago | |
---|---|---|
_modules | 6 years ago | |
_states | 6 years ago | |
test/integration/ufw | 6 years ago | |
ufw | 6 years ago | |
.gitignore | 6 years ago | |
.kitchen.yml | 6 years ago | |
.travis.yml | 6 years ago | |
Gemfile | 6 years ago | |
LICENSE | 10 years ago | |
README.md | 6 years ago | |
pillar.example | 6 years ago |
This module manages your firewall using ufw with pillar-configured rules.
See the full Salt Formulas installation and usage instructions.
All the configuration for the firewall is done via pillar (pillar.example).
Enable firewall, applying default configuration:

```yaml
ufw:
  enabled: True
```
Allow 80/tcp (http) traffic from only two remote addresses:

```yaml
ufw:
  services:
    http:
      protocol: tcp
      from_addr:
        - 10.0.2.15
        - 10.0.2.16
```
Allow 443/tcp (https) traffic from network 10.0.0.0/8 to a specific local IP:

```yaml
ufw:
  services:
    https:
      protocol: tcp
      from_addr:
        - 10.0.0.0/8
      to_addr: 10.0.2.1
```
Allow from a service port:

```yaml
ufw:
  services:
    smtp:
      protocol: tcp
```
Allow from a specific port, by number:

```yaml
ufw:
  services:
    139:
      protocol: tcp
```
Allow from a range of ports, udp:

```yaml
ufw:
  services:
    "10000:20000":
      protocol: udp
```
Allow from a range of ports, tcp and udp (each rule needs its own key, so the port range is given with `to_port`):

```yaml
ufw:
  services:
    "10000:20000/tcp":
      to_port: "10000:20000"
      protocol: tcp
    "10000:20000/udp":
      to_port: "10000:20000"
      protocol: udp
```
Allow from two specific ports, udp:

```yaml
ufw:
  services:
    "30000,40000":
      protocol: udp
```
Allow an application defined at /etc/ufw/applications.d/:

```yaml
ufw:
  applications:
    - OpenSSH
```
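A pre-deployment review of the `ufw:services` pillar shown in the examples above, as an added example that is not part of this formula's code. It assumes a rule without `from_addr` is reachable from any source; `audit`, `port_count` and the `min_prefix`/`max_ports` thresholds are hypothetical names and values chosen for illustration.

```python
import ipaddress

# Constructed sample: the README's pillar examples as Python data after YAML loading.
PILLAR = {
    "ufw": {
        "enabled": True,
        "services": {
            "http": {"protocol": "tcp", "from_addr": ["10.0.2.15", "10.0.2.16"]},
            "https": {"protocol": "tcp", "from_addr": ["10.0.0.0/8"], "to_addr": "10.0.2.1"},
            "smtp": {"protocol": "tcp"},
            139: {"protocol": "tcp"},  # unquoted numeric keys load as int
            "10000:20000/udp": {"to_port": "10000:20000", "protocol": "udp"},
        },
    }
}

def port_count(spec):
    """Count ports in a spec such as '139', '10000:20000' or '30000,40000'."""
    total = 0
    for part in str(spec).split("/")[0].split(","):  # drop a '/tcp' style suffix
        lo, _, hi = part.partition(":")
        if not lo.isdigit():
            return 1  # service name such as 'smtp'
        total += (int(hi) if hi else int(lo)) - int(lo) + 1
    return total

def audit(pillar, min_prefix=16, max_ports=100):
    """Return (service, finding) pairs for rules that deserve a second look."""
    findings = []
    for name, rule in (pillar.get("ufw", {}).get("services") or {}).items():
        rule = rule or {}
        sources = rule.get("from_addr") or []
        if isinstance(sources, str):  # assumption: a single address may be a string
            sources = [sources]
        if not sources:  # assumption: no from_addr means any source is allowed
            findings.append((str(name), "no from_addr: reachable from any source"))
        for src in sources:
            net = ipaddress.ip_network(src, strict=False)
            if net.prefixlen < min_prefix:
                findings.append((str(name), f"broad source {net}"))
        ports = port_count(rule.get("to_port", name))
        if ports > max_ports:
            findings.append((str(name), f"wide port range ({ports} ports)"))
    return findings

if __name__ == "__main__":
    for service, finding in audit(PILLAR):
        print(f"{service}: {finding}")
```
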
This formula is tested with Kitchen and Inspec in a Docker container.
To run the tests:

```sh
bundle install
kitchen test
```
Original state and module based on the work from Yigal Duppen.
Salt formula originally developed by Mario del Pozo.